Hi, I have finally had time to test 4.3-rc5 especially (my greatly anticipated) process limitiation with cgroup-pids. With bash forkbombs, it really works nice, however, I had some side effects with the forkbomb from https://github.com/linux-vserver/util-vserver/blob/master/tests/forkbomb.c The good thing: my test systems did not die as in previous versions during the simulated attack. But executing the file with e.g. ./forkbomb 100000 100 fork I get "unable to fork process: Resource temporarily unavailable" on the host (e.g. while trying to have a look via "watch -n 2 cat /sys/fs/cgroup/pids/lxc/dev04/pids.current") and inside other cgroup processes. This happens with various (low) limits in the respective pids.max; also it doesn't matter whether to launch the forkbomb in a privileged or unprivileged/user-namespace cgroup. Maybe someone could have a look, please, as this would be a real nice feature for a hosting service. And thanks for your great work! Best regards, Robert -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
